| SYMBOL | COMMON_NAME | aka. SYNONYMS |
UAC-0102 is a threat actor group targeting UKR.NET users through phishing attacks. They distribute emails with HTML file attachments that redirect users to a fraudulent website to steal authentication data. Security teams can use Sigma rules to detect their phishing campaigns and leverage IOCs provided by CERT-UA to hunt for their activity in SIEM or EDR environments.
There are currently no families associated with this actor.
| 2024-07-26
⋅
SOC Prime
⋅
UAC-0102 Phishing Attack Detection: Hackers Steal Authentication Data Impersonating the UKR.NET Web Service UAC-0102 |
| 2023-06-19
⋅
⋅
Cert-UA
⋅
Targeted UAC-0102 cyber attacks against UKR.NET service users (CERT-UA#6858) UAC-0102 |